www.it-ebooks.info
Nmap 6: Network
Exploration and
Security Auditing
Cookbook
A complete guide to mastering Nmap 6 and its scripting
engine, covering practical tasks for penetration testers
and system administrators
Paulino Calderón Pale
BIRMINGHAM - MUMBAI
Nmap 6: Network Exploration and Security
Auditing Cookbook
Copyright © 2012 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system,
or transmitted in any form or by any means, without the prior written permission of the
publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the
information presented. However, the information contained in this book is sold without
warranty, either express or implied. Neither the author, nor Packt Publishing and its dealers
and distributors will be held liable for any damages caused or alleged to be caused directly
or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies
and products mentioned in this book by the appropriate use of capitals. However, Packt
Publishing cannot guarantee the accuracy of this information.
First published: November 2012
Production Reference: 2201112
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK
ISBN 978-1-84951-748-5
www.packtpub.com
Cover Image by Renata Gómez Cárdenas (reny5mil@hotmail.com)
Credits
Author
Paulino Calderón Pale
Reviewers
Carlos A. Ayala Rocha
David Shaw
Acquisition Editor
Robin de Jongh
Lead Technical Editor
Dayan Hyames
Technical Editors
Veronica Fernandes
Nitee Shetty
Copy Editor
Insiya Morbiwala
Project Coordinator
Sai Gamare
Proofreader
Dirk Manuel
Indexer
Rekha Nair
Graphics
Valentina D'Silva
Production Coordinator
Nitesh Thakur
Cover Work
Nitesh Thakur
About the Author
Paulino Calderón Pale (@calderpwn) is a very passionate software developer and
penetration tester from a Caribbean island in México called Cozumel. He learned to write code
and administer IT infrastructures early in his life—skills that came in handy when he joined the
information security industry. Today, he loves learning new technologies, penetration testing,
conducting data-gathering experiments, developing software, and contributing to the open
source community. He maintains a blog of his public work at http://calderonpale.com.
In the summer of 2011, he joined Google’s Summer of Code program to work on the Nmap
project as an NSE (Nmap Scripting Engine) developer. He focused on improving the web
scanning capabilities of Nmap and has produced over 20 scripts for gathering information,
and detecting and exploiting security vulnerabilities since then.
He is the cofounder of Websec, an information security company focused on web security
operation in México (http://websec.mx) and Canada (http://websec.ca), where they
help companies in different industries secure their IT infrastructures.
Acknowledgement
I would like to dedicate this book to a lot of people. Firstly, I would like to especially thank
Fyodor for giving me the opportunity of joining the Nmap project during the Google Summer
of Code. This book wouldn’t have existed if you had not taken a chance with me that summer.
My parents Edith and Paulino who have been incredibly supportive my whole life, my brothers
Omar and Yael who have made this a real fun ride, and my girlfriend Martha Moguel and
her family, who were really supportive and understanding with the lack of dates and Sunday
meals while I worked on this book.
I would like to thank the Nmap team and contributors, especially all the people who
I’ve learned so much from—Patrik Karlsson, David Field, Ron Bowes, Daniel Miller,
Henri Doreau, Patrick Donelly, Brendan Coles, Luis Martin, Toni Ruotto, Tom Sellers and
Djalal Harouni.
I would also like to thank all my good friends and business partners, Roberto Salgado and
Pedro Joaquín for all the extra work they had to do to cover for me, and my friends in
info-sec—Carlos Ayala, Alejandro Hernández, Luis Guillermo Castañeda, Edgar Pimienta,
Giovanni Cruz, Diego Bauche, Christian Navarrete, Eduardo Vela, Lenin Alevsk, Christian
Yerena, Humberto Ochoa, Marcos Schejtman, Angel Morelos, Eduardo Ruiz, Ruben Ventura,
Alejandro Hernández Flores (alt3kx), Luis Alberto Cortes, Oscar Lopez, Víctor Hugo Ramos
Alvarez, Antonio Toriz, Francisco León, Armin García, Roberto Martinez, Hecky, Victor Gomez,
Luis Solis, Hector Lopez, Matias Katz, Jaime Restrepo, Carlos Lozano, David Murillo, Uriel
Márquez, Marc Ruef, David Moreno, Leonardo Pigñer, Alvaro Andrade, Alfonso Deluque, and
Lorenzo Martínez. I thank all my friends in Cozumel and Victoria who I may not have seen as
much as I would have liked, lately, but who are always in my heart.
And finally, I would like to thank Packt Publishing and their staff for all the support and help
provided when publishing this book.
About the Reviewers
Carlos A. Ayala Rocha is an Information Security Consultant with more than 10 years
of experience in Network Security, Intrusion Detection/Prevention, Forensic Analysis, and
Incident Response. He has analyzed, designed, and implemented solutions, procedures, and
mechanisms focused on risk mitigation for large companies, governments, internet service
providers, and homeland security agencies in Mexico and several Latin American countries.
He is an Advisory Board Member, Proctor, and Mentor for the SANS Institute, and a founding
member of the Mexican Information Security Association (ASIMX). He holds many security
industry certifications, such as CISSP, GCIH, GCFA, and GPEN, among others. He currently
works as a Consulting Engineer at Arbor Networks for Latin America.
David Shaw has extensive experience in many aspects of information security. Beginning
his career as a Network Security Analyst, he monitored perimeter firewalls and intrusion
detection systems in order to identify and neutralize threats in real time. After working in
the trenches of perimeter analysis, he joined an External Threat Assessment Team as a
Security Researcher, working closely with large financial institutions to mitigate external
risk and combat phishing attacks. He has particular interests in exploit development and
unconventional attack vectors, and was a speaker at ToorCon 12 in San Diego, CA. He is
currently the Director of Penetration Testing Technology at Redspin, specializing in external
and application security assessments, and managing a team of highly-skilled engineers.
I would like to thank my wonderful team at Redspin for allowing me the
opportunity to conduct research and hone my skills, and without whom I
would never be where I am today.
www.PacktPub.com
Support files, eBooks, discount offers and more
You might want to visit www.PacktPub.com for support files and downloads related to
your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub
files available? You can upgrade to the eBook version at www.PacktPub.com and as a print
book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
service@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign
up for a range of free newsletters and receive exclusive discounts and offers on Packt
books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt’s online digital book
library. Here, you can access, read and search across Packt’s entire library of books.
Why Subscribe?
- Fully searchable across every book published by Packt
- Copy and paste, print and bookmark content
- On demand and accessible via web browser
Free Access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access
PacktLib today and view nine entirely free books. Simply use your login credentials for
immediate access.
Table of Contents
Preface
Chapter 1: Nmap Fundamentals
Introduction
Downloading Nmap from the official source code repository
Compiling Nmap from source code
Listing open ports on a remote host
Fingerprinting services of a remote host
Finding live hosts in your network
Scanning using specific port ranges
Running NSE scripts
Scanning using a specified network interface
Comparing scan results with Ndiff
Managing multiple scanning profiles with Zenmap
Detecting NAT with Nping
Monitoring servers remotely with Nmap and Ndiff
Chapter 2: Network Exploration
Introduction
Discovering hosts with TCP SYN ping scans
Discovering hosts with TCP ACK ping scans
Discovering hosts with UDP ping scans
Discovering hosts with ICMP ping scans
Discovering hosts with IP protocol ping scans
Discovering hosts with ARP ping scans
Discovering hosts using broadcast pings
Hiding our traffic with additional random data
Forcing DNS resolution
Excluding hosts from your scans
Scanning IPv6 addresses
Gathering network information with broadcast scripts
[...] condition variables, and mutexes in NSE
References
Index
[...]
Preface
Nmap 6: Network Exploration and Security Auditing Cookbook is a 100 percent practical book that follows a cookbook's style. Each recipe focuses on a single task and contains command line examples, sample output, a detailed explanation, and additional tips that could come in handy. Nmap's vast functionality [...]
[...] profiles with Zenmap
- Detecting NAT with Nping
- Monitoring servers remotely with Nmap and Ndiff
Nmap Fundamentals
Introduction
Nmap (Network Mapper) is an open-source tool specialized in network exploration and security auditing, originally published by Gordon "Fyodor" Lyon. The official website (http://nmap.org) describes it as follows:
Nmap (Network Mapper) is a free and open source [...]
[...] information gathering tasks with Nmap and its scripting engine. Chapter 4, Auditing Web Servers, covers tasks related to web security auditing.
Chapter 5, Auditing Databases, covers security auditing tasks for MongoDB, MySQL, MS SQL, and CouchDB databases. Chapter 6, Auditing Mail Servers, covers tasks for IMAP, POP3, and SMTP servers. Chapter 7, Scanning Large Networks, covers tasks that [...]
[...] for network discovery and security auditing. Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and [...]
[...] forget that you can send me your questions and I'll do my best to help you out.
What this book covers
Chapter 1, Nmap Fundamentals, covers the most common tasks performed with Nmap. Additionally, it briefly introduces Ndiff, Nping, and Zenmap. Chapter 2, Network Exploration, covers host discovery techniques supported by Nmap, and other useful tricks with the Nmap Scripting Engine. Chapter 3, Gathering [...]
[...] using a specified network interface recipe
- The Running NSE scripts recipe
- The Hiding our traffic with additional random data recipe in Chapter 2, Network Exploration
- The Forcing DNS resolution recipe in Chapter 2, Network Exploration
- The Excluding hosts from your scans recipe in Chapter 2, Network Exploration
- The Scanning IPv6 addresses recipe in Chapter 2, Network Exploration
- The [...]
[...] host information collected by Nmap. Additionally, the Nmap Project includes other great tools:
- Zenmap: A graphical interface for Nmap
- Ndiff: A tool for scan result comparison
- Nping: An excellent tool for packet generation and traffic analysis
- Ncrack: An Nmap-compatible tool for brute forcing network logins
- Ncat: A debugging utility to read and write data across networks
Needless to say, it [...]
[...] # nmap -p80,443 localhost
- Port range: # nmap -p1-100 localhost
- All ports: # nmap -p- localhost
- Specific ports by protocols: # nmap -pT:25,U:53
- Service name: # nmap -p smtp
- Service name wildcards: # nmap -p smtp*
- Only ports registered in Nmap services: # nmap -p[1-65535]
See also
- The Finding live hosts in your network [...]
[...] latest version of Nmap (available from http://nmap.org) to follow the recipes in this book.
Who this book is for
This book is for any security consultant, administrator, or enthusiast looking to learn how to use and master Nmap and the Nmap Scripting Engine. This book contains instructions on how to carry out various penetration tests such as brute force password audits on remote networks and devices. These [...]
[...] following command:
$ nmap scanme.nmap.org
The scan results should appear on the screen, showing the interesting ports and their states. The ports marked as open are of special interest as they represent services running on the target host.
How it works
The following command checks the state of the most popular ports on the host scanme.nmap.org by launching a TCP port scan:
$ nmap scanme.nmap.org
The [...]
Posted: 16/03/2014, 03:20